Skip to content

Sns: v2 data protection operations #13525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
baermat merged 6 commits into from
Dec 17, 2025
Merged

Sns: v2 data protection operations #13525

baermat merged 6 commits into from
Dec 17, 2025

Conversation

@baermat
Copy link
Member

@baermat baermat commented Dec 15, 2025
edited
Loading

Motivation

Adds methods for creating and retrieving data protection policies. These policies are not enforced with this PR, since the methods are not present in moto right now to begin with.
closes PNX-74
closes PNX-378

Changes

  • adds put_data_protection_policy, get_data_protection_policy

Tests

Related

@baermat baermat added semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes labels Dec 15, 2025
@baermat baermat force-pushed the sns/v2-data-protection branch from ad28068 to 82ab790 Compare December 15, 2025 14:24
@baermat baermat marked this pull request as ready for review December 15, 2025 14:26
@baermat baermat requested a review from bentsku as a code owner December 15, 2025 14:26
@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

Test Results - Preflight, Unit

22 981 tests  +3   21 139 ✅ +3   6m 50s ⏱️ +18s
     1 suites ±0    1 842 💤 ±0 
     1 files   ±0        0 ❌ ±0 

Results for commit 734c2de. ± Comparison against base commit 4532ad6.

This pull request removes 1 and adds 4 tests. Note that renamed tests count towards both. 
tests.unit.aws.test_connect.TestClientFactory ‑ test_typed_client_creation[mediastore]

tests.unit.aws.test_service_router ‑ test_service_router_works_for_every_service[account-rest-json-GetGovCloudAccountInformation]
tests.unit.aws.test_service_router ‑ test_service_router_works_for_every_service[ce-json-ListCostCategoryResourceAssociations]
tests.unit.aws.test_service_router ‑ test_service_router_works_for_every_service[quicksight-rest-json-GetIdentityContext]
tests.unit.aws.test_service_router ‑ test_service_router_works_for_every_service[redshift-serverless-json-GetIdentityCenterAuthToken]

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

Test Results - Alternative Providers

208 tests   164 ✅  2m 5s ⏱️
  1 suites   44 💤
  1 files      0 ❌

Results for commit 734c2de.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

Test Results (amd64) - Acceptance

7 tests  ±0   5 ✅ ±0   3m 0s ⏱️ +3s
1 suites ±0   2 💤 ±0 
1 files   ±0   0 ❌ ±0 

Results for commit 734c2de. ± Comparison against base commit 4532ad6.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

Test Results (amd64) - Integration, Bootstrap

    5 files      5 suites   1h 28m 47s ⏱️
3 146 tests 2 976 ✅ 170 💤 0 ❌
3 154 runs  2 978 ✅ 176 💤 0 ❌

Results for commit 734c2de.

♻️ This comment has been updated with latest results.

@github-actions
Copy link

github-actions bot commented Dec 15, 2025
edited
Loading

LocalStack Community integration with Pro

    2 files  ±    0      2 suites  ±0   59m 54s ⏱️ - 57m 13s
3 122 tests  - 2 024  2 949 ✅  - 1 801  173 💤  - 223  0 ❌ ±0 
3 126 runs   - 2 022  2 951 ✅  - 1 799  175 💤  - 223  0 ❌ ±0 

Results for commit 734c2de. ± Comparison against base commit 4532ad6.

This pull request removes 2030 and adds 6 tests. Note that renamed tests count towards both. 
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_lambda_dynamodb
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_opensearch_crud
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_search_books
tests.aws.scenario.bookstore.test_bookstore.TestBookstoreApplication ‑ test_setup
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_destination_sns
tests.aws.scenario.lambda_destination.test_lambda_destination_scenario.TestLambdaDestinationScenario ‑ test_infra
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_prefill_dynamodb_table
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input0-SUCCEEDED]
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input1-SUCCEEDED]
…

tests.aws.services.apigateway.test_apigateway_api.TestApiGatewayVpcLink ‑ test_create_vpc_link_invalid_parameters
tests.aws.services.apigateway.test_apigateway_api.TestApiGatewayVpcLink ‑ test_delete_vpc_link_invalid_id
tests.aws.services.apigateway.test_apigateway_api.TestApiGatewayVpcLink ‑ test_get_vpc_link_invalid_id
tests.aws.services.apigateway.test_apigateway_api.TestApiGatewayVpcLink ‑ test_update_vpc_link_invalid_id
tests.aws.services.apigateway.test_apigateway_api.TestApiGatewayVpcLink ‑ test_vpc_link_lifecycle
tests.aws.services.sns.test_sns.TestSNSTopicCrudV2 ‑ test_data_protection_policy_crud
This pull request removes 224 skipped tests and adds 1 skipped test. Note that renamed tests count towards both. 
tests.aws.scenario.kinesis_firehose.test_kinesis_firehose.TestKinesisFirehoseScenario ‑ test_kinesis_firehose_s3
tests.aws.scenario.loan_broker.test_loan_broker.TestLoanBrokerScenario ‑ test_stepfunctions_input_recipient_list[step_function_input4-FAILED]
tests.aws.scenario.mythical_mysfits.test_mythical_misfits.TestMythicalMisfitsScenario ‑ test_deployed_infra_state
tests.aws.scenario.mythical_mysfits.test_mythical_misfits.TestMythicalMisfitsScenario ‑ test_populate_data
tests.aws.scenario.mythical_mysfits.test_mythical_misfits.TestMythicalMisfitsScenario ‑ test_user_clicks_are_stored
tests.aws.services.cloudcontrol.test_cloudcontrol_api.TestCloudControlResourceApi ‑ test_api_exceptions
tests.aws.services.cloudcontrol.test_cloudcontrol_api.TestCloudControlResourceApi ‑ test_create_exceptions
tests.aws.services.cloudcontrol.test_cloudcontrol_api.TestCloudControlResourceApi ‑ test_create_invalid_desiredstate
tests.aws.services.cloudcontrol.test_cloudcontrol_api.TestCloudControlResourceApi ‑ test_double_create_with_client_token
tests.aws.services.cloudcontrol.test_cloudcontrol_api.TestCloudControlResourceApi ‑ test_lifecycle
…

tests.aws.services.sns.test_sns.TestSNSTopicCrudV2 ‑ test_data_protection_policy_crud

♻️ This comment has been updated with latest results.

bentsku
bentsku reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@bentsku bentsku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work! Nice that we have support for more operations now! I've checked the logic and I think the EffectiveDeliveryPolicy new logic is not correct, this is added at topic creation I believe. I've added more context in the comment 👍

tests/aws/services/sns/test_sns.py Outdated
Comment on lines 652 to 654
# check if policy shows up in the attributes
response = aws_client.sns.get_topic_attributes(TopicArn=topic_arn)
snapshot.match("get-topic-attributes", response)
Copy link
Contributor

@bentsku bentsku Dec 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: could we maybe call get_topic_attributes before calling put_data_protection_policy to see the before/after? I'm curious about the EffectiveDeliveryPolicy being created 😄

I've given it a try locally and I can confirm that the EffectiveDeliveryPolicy is already present before the call, so I think the logic needs to be updated. This can be done either in this PR (add the policy at topic creation) or in another PR (add a snapshot skip for the delivery policy for now in this PR and add the policy in a follow-up PR)

Copy link
Member Author

@baermat baermat Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are right. I moved this to the topic creation, and as a result, also removed the EffectiveDeliveryPolicy from most of the snapshot skips :)

@bentsku bentsku self-requested a review December 17, 2025 16:13
bentsku
bentsku approved these changes Dec 17, 2025
View reviewed changes
Copy link
Contributor

@bentsku bentsku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks for addressing the comment! I've added another comment regarding the EffectiveDeliveryPolicy, to make sure we're updating it when updating the DeliveryPolicy but this should be tackled as a follow-up 👍 nice work!

localstack-core/localstack/services/sns/v2/provider.py
return default_attributes


def _create_default_effective_delivery_policy():
Copy link
Contributor

@bentsku bentsku Dec 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this is somewhat of the default: I think the behavior is somewhat different: the EffectiveDeliveryPolicy is a merged value between the default value and what would be set for DeliveryPolicy. Meaning if you set for example the defaultRequestPolicy in your DeliveryPolicy, you effective delivery policy will be a merged between the default value, and that value you set, effectively being the "Effective" value.

I believe we will need to implement this behavior, it would be a great addition.

Doesn't need to be implemented in this PR as we had an issue before already, but it would be nice to keep track of this 👍 (basically updating the effective policy when updating the delivery policy)

@baermat baermat merged commit 9d08473 into main Dec 17, 2025
43 checks passed
@baermat baermat deleted the sns/v2-data-protection branch December 17, 2025 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bentsku bentsku bentsku approved these changes

Assignees

No one assigned

Labels

docs: skip Pull request does not require documentation changes notes: skip Pull request does not have to be mentioned in the release notes semver: minor Non-breaking changes which can be included in minor releases, but not in patch releases

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@baermat @bentsku